Communication system and communication control server and communication terminals consituting that communication system

ABSTRACT

A communication systems ( 100 ) comprises terminals ( 103, 104 ) and an intermediate server ( 101 ) that notifies destination information for determining the address of the second communication terminal on the network. The terminal ( 103 ) transmits to the intermediate server ( 101 ) a request message for requesting the destination information. The intermediate server ( 101 ) comprises a storage unit ( 206 ) that has stored a permitted-terminal table indicative of correspondence between the terminal ( 104 ) and a terminal permitted to be connected with the terminal ( 104 ); a reception unit ( 203 ) for receiving the request message; and a control part ( 201 ) for determining, based on the permitted-terminal table, whether the terminal ( 103 ) that has transmitted the received request message is a terminal permitted, by the terminal ( 104 ), to be connected with the terminal ( 104 ), and for notifying the terminal ( 103 ) of the destination information of the terminal ( 104 ) only if the terminal ( 103 ) is a terminal permitted to be connected with the terminal ( 104 ).

TECHNICAL FIELD

The present invention relates to a communication system in whichcommunication control is performed between terminals connected via acommunication network, a communication control method in thecommunication system, and a communication control server andcommunication terminals that compose the communication system.

BACKGROUND ART

With the development of communication network infrastructure in recentyears, many users are connecting to the Internet. In addition, broadbandnetwork access has become possible due to the spread of high-speedaccess links such as DSL, cable modems, and optical fibers.

Furthermore, various new types of terminals that connect to the Internethave been developed, and even home appliances such as televisions andhard disk video recorders that use the Internet have been developed. Inaddition to conventional server-client service, the Internet can nowalso be used for Peer to Peer services by which user terminalscommunicate with each other directly.

Generally, a terminal used by a subscriber to a network service isdynamically allocated an IP address at the time of connecting to theInternet using PPP (Point to Point Protocol), PPoE (PPP over Ethernet),or the like. As such, the IP address of the terminal changes with eachconnection.

Therefore, it is necessary to provide a structure that enables terminalsmaking a Peer to Peer connection to acquire the IP address allocated tothe other terminal at that time. Patent Documents 1 and 2, which aredescribed later, are disclosed as conventional techniques for solvingthis problem.

According to these techniques, a user terminal that connects to theInternet according to a dial-up connection or the like can do so withoutother users experiencing problems, and communication between userterminals can be established easily.

However, in the aforementioned communication between user terminals,since each user terminal connected to the Internet specifies its IPaddress, user terminals are accessible from anywhere. For this reason, aproblem arises of users experiencing inconveniences such as otherparties making unwanted connections for malicious purposes or the like.

DISCLOSURE OF THE INVENTION

In view of the stated problem, the present invention has an object ofproviding a communication control server, a communication terminal and acommunication system that effectively prevent unwanted connections fromother user terminals in communication between user terminals.

In order to achieve the stated object, the present invention is acommunication system including a first communication terminal, a secondcommunication terminal, and a communication control server, thecommunication control server notifying destination information forspecifying an address of the second communication terminal on a network,and the first communication terminal transmitting a request message tothe communication control server to request the destination information,the communication control server including: a permitted-terminal tablestorage unit operable to store a permitted-terminal table that showscorrelation between the second communication terminal and one or moreconnection-permitted communication terminals that are permitted toconnect to the second communication terminal; a request messagereception unit operable to receive the request message; a terminaldetermination unit operable to determine, based on thepermitted-terminal table, whether or not the first communicationterminal that transmitted the received request message is aconnection-permitted communication terminal; and a notification controlunit operable to notify the first communication terminal of thedestination information, only when the first communication terminal hasbeen determined to be a connection-permitted communication terminal.

Here, the address may be an IP address.

Here, the address may be composed of an IP address and a port number.

Furthermore, the present invention is a communication control serverthat notifies destination information for specifying an address of acommunication terminal, including: a permitted-terminal table storageunit operable to store a permitted-terminal table that shows correlationbetween the communication terminal and one or more connection-permittedcommunication terminals that are permitted to connect to thecommunication terminal; a request message reception unit operable toreceive a request message from a request-source communication terminal,the request message requesting the destination information; a terminaldetermination unit operable to determine, based on the permittedterminal table, whether or not the request-source communication terminalis a connection-permitted communication terminal; and a notificationcontrol unit operable to notify the request-source communicationterminal of the destination information of the communication terminal,only when the request-source communication terminal is determined to bea connection-permitted communication terminal.

Accordingly, address information necessary for connection is notifiedonly to a communication terminal that has advance permission to connect.Therefore, the user of the communication terminal can effectivelyprevent connection from users from which he/she does not wish to receiveconnection.

Here, in the communication system, the notification control unit mayinclude: an authentication information creation sub-unit operable to,only when the first communication terminal has been determined to be aconnection-permitted terminal, create authentication information for thesecond communication terminal to authenticate the first communicationterminal, the notification control unit may further notify theauthentication information to the first communication terminal and thesecond communication terminal, the first communication terminal maytransmit the notified authentication information to the secondcommunication terminal when making a connection request to the secondcommunication terminal, and the second communication terminal mayinclude: a reception unit operable to receive the authenticationinformation from the first communication terminal; a determination unitoperable to determine whether or not the received authenticationinformation and the notified authentication information match; and aconnection control unit operable to permit a connection from the firstcommunication terminal, only when the received authenticationinformation and the notified authentication information match.

Furthermore, the present invention is a communication terminal that isconnected to a communication control server over a network, including: apermitted-communication terminal registration request unit operable tomake a request, to the communication control server, to register one ormore communication terminals that are permitted to connect to thecommunication terminal; an authentication information reception unitoperable to, when a communication terminal that has requesteddestination information for specifying an address of the communicationterminal on the network is any one of the communication terminal that ispermitted to connect to the communication terminal, receiveauthentication information for authenticating the communication terminalthat requested the destination information; an identificationinformation reception unit operable to receive, from the communicationterminal that requested the destination information, a connectionacceptance request and identification information that identifies thecommunication terminal that requested the destination information; adetermination unit operable to determine whether or not theauthentication information and the identification information match; anda connection control unit operable to permit a connection based on theconnection acceptance request from the terminal that requested thedestination information, only when the authentication information andthe identification information match.

Furthermore, the present invention is a connection control program usedin a communication terminal that is connected to a communication controlserver over a network, the connection control program including: apermitted-communication terminal registration request step of making arequest, to the communication control server, to register one or morecommunication terminals that are permitted to connect to thecommunication terminal; an authentication information reception step of,when a communication terminal that has requested destination informationfor specifying an address of the communication terminal on the networkis any one of the communication terminals that are permitted to connectto the communication terminal, receiving authentication information forauthenticating the communication terminal that requested the destinationinformation; an identification information reception step of receiving,from the communication terminal that requested the destinationinformation, a connection acceptance request and identificationinformation that identifies the communication terminal that requestedthe destination information; a determination step of determining whetheror not the authentication information and the identification informationmatch; and a connection control step of permitting a connection based onthe connection acceptance request from the terminal that requested thedestination information, only when the authentication information andthe identification information match.

Furthermore, the present invention is a computer-readable recordingmedium on which is recorded a connection control program used in acommunication terminal that is connected to a communication controlserver over a network, the connection control program including: apermitted-communication terminal registration request step of making arequest, to the communication control server, to register one or morecommunication terminals that are permitted to connect to thecommunication terminal; an authentication information reception step of,when a communication terminal that has requested destination informationfor specifying an address of the communication terminal on the networkis any one of the communication terminals that are permitted to connectto the communication terminal, receiving authentication information forauthenticating the communication terminal that requested the destinationinformation; an identification information reception step of receiving,from the communication terminal that requested the destinationinformation, a connection acceptance request and identificationinformation that identifies the communication terminal that requestedthe destination information; a determination step of determining whetheror not the authentication information and the identification informationmatch; and a connection control step of permitting a connection based onthe connection acceptance request from the terminal that requested thedestination information, only when the authentication information andthe identification information match.

Furthermore, the present invention is a connection control method usedin a communication terminal that is connected to a communication controlserver over a network, the connection control method including: apermitted-communication terminal registration request step of making arequest, to the communication control server, to register one or morecommunication terminals that are permitted to connect to thecommunication terminal; an authentication information reception step of,when a communication terminal that has requested destination informationfor specifying an address of the communication terminal on the networkis any one of the communication terminals that are permitted to connectto the communication terminal, receiving authentication information forauthenticating the communication terminal that requested the destinationinformation; an identification information reception step of receiving,from the communication terminal that requested the destinationinformation, a connection acceptance request and identificationinformation that identifies the communication terminal that requestedthe destination information; a determination step of determining whetheror not the authentication information and the identification informationmatch; and a connection control step of permitting a connection based onthe connection acceptance request from the terminal that requested thedestination information, only when the authentication information andthe identification information match.

Accordingly, the communication control server can perform the task ofissuing authentication information with respect to the communicationterminal that requested connection, instead of the communicationterminal. Therefore, the communication terminal to which the request forconnection is being made can proceed with the task of authenticationrelatively easily.

Here, in the communication system, the notification control unit mayinclude: an encrypt key creation unit operable to create an encrypt keyfor encryption and decryption of information transmitted between thefirst communication terminal and the second communication terminal, andthe notification control unit further notifies the encrypt key to thefirst communication terminal and the second communication terminal.

This structure effectively prevents authentication informationtransmitted between communication terminals from being wrongfullyacquired and decoded by a third party.

Here, in the communication system the communication terminal may furtherinclude a storage unit operable to store a plurality of types ofcommunication data potentially transmitted to a callee communicationterminal, each type of communication data being stored in correspondencewith a respective data attribute thereof; a transmission unit operableto transmit a request message to the communication control server, therequest message requesting destination information for specifying theaddress of a callee communication terminal on the network; anacquisition unit operable to obtain the destination information notifiedby the server, only when the communication terminal is permitted toconnect to the callee terminal; a connection establishment unit operableto establish a connection with the callee communication terminal basedon the acquired destination information; a designation reception unitoperable to receive a designation of communication data to betransmitted; a data attribute determination unit operable to determinewhether or not the designated communication data has a specific dataattribute; a transfer ask unit operable to, when the designatedcommunication data has the specific data attribute, ask thecommunication control server to transfer the designated communicationdata to the callee communication terminal; and a transmission controlunit operable to control such that (i) when the designated communicationdata has the specific data attribute, the designated communication datais transmitted to the communication control server, and (ii) when thedesignated communication data does not have the specific data attribute,the designated communication data is transmitted directly to the calleeterminal.

Furthermore, in the communication terminal, the address may be an IPaddress.

Furthermore, in the communication terminal, the address may be composedof an IP address and a port number.

Furthermore, in the communication terminal, the address may change fromtime to time.

Accordingly, the communication data to be transmitted to the calleecommunication terminal is transmitted via the communication controlserver only when the communication data is of the specific type. Inother cases, the communication data is transmitted directly to thecallee communication terminal. This lightens the load on thecommunication control server for transmitting communication data.

Here, in the communication terminal, the transmission control unit mayincludes: an extraction sub-unit operable to, when the designatedcommunication data is MPEG-encoded video data, extract an I picture fromthe video data; and an encryption sub-unit operable to encrypt theextracted I picture, the transfer ask unit may ask that the encrypted Ipicture be transferred to the callee communication terminal, and thetransmission control unit may transmit the encrypted I picture to thecommunication control server, and transmit remaining video dataexcluding the I picture directly to the connected callee communicationterminal.

Accordingly, only I pictures, which are essential in video dataplayback, are transmitted in an encrypted form to the calleecommunication terminal via the communication control server. Otherstructural elements of the video data are transmitted directly to thecallee communication terminal without being encrypted. Therefore, theload in the callee communication terminal for decrypting encrypting datacan be lightened. In addition, even if the video data is wrongfullyacquired by a third party while being transmitted, the acquired videodata will not be able to be wrongfully played back and viewed by thethird party because the I pictures which are essential for video dataplayback are transmitted in an encrypted form.

Here, in the communication terminal, the data attributes may showwhether or not the communication data is secret, the transfer ask unit,when the data attribute of the designated communication data shows thatthe designated communication data is secret, may ask the communicationcontrol server to transfer the designated data to the calleecommunication terminal, and the communication control unit, when thedata attribute of the designated communication data shows that thedesignated communication data is secret, may encrypt the designatedcommunication data, and transmit the encrypted designated communicationdata to the communication control server.

Accordingly, highly secret data is transmitted in an encrypted form viathe communication control server to the callee communication terminal,and only data which is not secret is transmitted directly to the calleeterminal. Therefore, by classifying the data recorded in thecommunication terminal in advance according to the level of secrecy, theuser can transmit the data to a callee communication terminal with peaceof mind, and without having to be concerned about secret data beingwrongfully acquired and viewed by others.

Here, in the communication system, the notification control unit mayfurther, before notifying the first communication terminal of thedestination information of the second communication terminal, transmit aquery message to the second communication terminal, the query messagequerying as to whether or not the second communication terminal is ableto accept a connection from the first communication terminal, the secondterminal may include: a reception unit operable to receive the querymessage; and a connection acceptability notification unit operable todetermine, according to a load state upon receiving the query message,whether or not the connection from the first communication terminal isable to be accepted, and notify the communication control server of anacceptability notification message that shows a result of thedetermination, the notification control unit may include: a connectionacceptability determination sub-unit operable to determine, based on thenotified acceptability notification message, whether or not the secondcommunication terminal is in a state of being able to accept theconnection from the first communication terminal, and when the secondcommunication terminal is in a state of being able to accept theconnection, the notification control unit notifies the firstcommunication terminal of the destination information.

Furthermore, in the communication terminal, the identificationinformation reception unit may further, before the connection acceptancerequest is transmitted, receive a query message from the communicationcontrol unit, the query message querying whether or not a connectionfrom the communication terminal that requested the destinationinformation is able to be accepted, and the connection control unit maydetermine whether or not the connection from the first communicationterminal is able to be accepted according to a load state upon receivingthe query message, and notify the communication control server of aresult of the determination.

Accordingly, connection from other communication terminals is controlledaccording to the load on the user's communication terminal. Thisprevents communication problems caused by the communication terminalaccepting connection from other communication terminals at times whenthe load is great.

Here, in the communication system, when the first communication terminalis determined not to be a connection-permitted terminal, thenotification control unit may notify the first communication terminal ofa notification message showing that the first communication terminal isnot permitted to connect to the second communication terminal, and whenthe second communication terminal is in a state of being unable toaccept the connection from the first communication terminal, thenotification control unit may notify the first communication terminalthat the second communication terminal is unable to accept theconnection.

Accordingly, when a connection request source communication terminal isunable to connect to a connection request destination communicationterminal, the cause is notified to the connection request sourcecommunication terminal. This enables the user to promptly know thereason for being unable to connect.

Here, in the communication terminal, the identification informationreception unit, when the communication terminal is in a state of beingunable to accept the connection from the communication terminal thatrequested the destination information, may receive a transfer asknotification message from the communication control server, the transferask notification message notifying that a communication data transferask has been made by the communication terminal that requested thedestination information, and the communication terminal may include: acommunication data acquirability determination unit operable todetermine, according to a load state, whether or not the communicationterminal has come to be in a state of being able to acquire thecommunication data; a transfer request message transmission unitoperable to, when the communication terminal has come into a state ofbeing able to acquire the communication data after the transfer asknotification message has been received, transmit a transfer requestmessage that requests transfer of the communication data; and anacquisition unit operable to acquire the communication data transmittedfrom the communication control server in response to the transferrequest message.

Accordingly, when the communication data cannot be transmitted directlybecause the callee communication terminal is not in a state of beingable to accept connection, the communication control server can be askedto transfer the communication data. Therefore, processing fortransmitting the communication data can be completed promptly withoutthe communication terminal having to repeat processing for establishinga connection with the callee communication terminal.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a functional block diagram showing the structure of thecommunication system 100 of the present invention;

FIG. 2 is a functional block diagram showing the structure of anintermediate server 101;

FIG. 3 shows specific examples of permitted-terminal registrationcommands transmitted to the intermediate server 101;

FIG. 4 shows a specific example of a permitted terminal table;

FIG. 5(a) shows a specific example of a query message;

FIG. 5(b) shows a shows an example of a notification message showing“connection accepted”;

FIG. 5(c) shows a shows an example of a notification message showing“connection denied”;

FIG. 5(d) shows a specific example of a callee notification message;

FIG. 5(e) shows a specific example of an authentication informationnotification message;

FIG. 5(f) shows a specific example of a connection acceptance requestmessage;

FIG. 5(g) shows an example of a variation of a notification messagetransmitted when a determination is negative at step S1205 in FIG. 12and FIG. 16;

FIG. 5(h) shows an example of a variation of a notification messagetransmitted when a determination is negative at step S1608 of FIG. 16;

FIG. 6 is a functional block diagram showing the structure of an addressresolution server 102;

FIG. 7 shows a specific example of an IP address correspondence table;

FIG. 8 is a flowchart showing operations for IP address transmissionprocessing by the address resolution server 102 after receivingacquisition request data from the intermediate server 101;

FIG. 9 is a flowchart showing operations by each terminal forconnection-permitted terminal registration request processing;

FIG. 10 is a flowchart showing operations by the intermediate server 101for registration processing of a connection-permitted terminal to apermitted terminal table (step S1000 of FIG. 9);

FIG. 11 is a flowchart showing operations by terminals for connectionestablishment processing with another terminal;

FIG. 12 is a flowchart showing operations for connection controlprocessing by the intermediate server 101 after receiving a querymessage transmitted at step S1101 of FIG. 11;

FIG. 13 is a flowchart showing operations for connection acceptanceprocessing from another terminal by the terminal 104 that has received aconnection acceptance request from the terminal 103 at step S1107 ofFIG. 11;

FIG. 14 is a functional block diagram showing the structure of acommunication system 110 in a second embodiment of the presentinvention;

FIG. 15 is a functional block diagram showing the structure of anintermediate server 111;

FIG. 16 is a flowchart showing operations for connection controlprocessing by a control unit 211;

FIG. 17(a) shows a specific example of an acceptance state query messagetransmitted to a terminal 114 at step S1606 of FIG. 16;

FIG. 17(b) shows a specific example of a response notification messagethat shows “in connection acceptable state” received from the terminal114;

FIG. 17(c) shows a specific example of a response notification messagethat shows “in connection denial state” received from the terminal 114;

FIG. 18 is a flowchart showing operations for connection acceptablestate notification processing that the terminal 114 executes beforeperforming the same processing as the connection acceptance processingshown in FIG. 13;

FIG. 19 is a flowchart showing operations for connection establishmentdetermination processing by the intermediate server 111;

FIG. 20 is a functional block diagram showing the structure of aterminal 103 and a terminal 104;

FIG. 21 shows the structure of a communication system 200;

FIG. 22 is a flowchart showing operations for transfer processing ofcommunication data between terminals by the intermediate server 101;

FIG. 23 is a flowchart showing operations for communication datatransmission control processing by the terminals;

FIG. 24 is a functional block diagram showing the structure of acommunication system 120 in a third embodiment;

FIG. 25 is a functional block diagram showing the structure of anintermediate server 121;

FIG. 26 and FIG. 27 show operations for connection control processing bya control unit 221;

FIG. 28 is a flowchart showing operations for communication datatransfer ask processing by a terminal 123 after receiving a transfer askquery message transmitted by the intermediate server 121 according toprocessing at step S2611;

FIG. 29 is a flowchart showing operations for communication dataacceptance control processing by a terminal 124 after receiving atransfer ask notification message transmitted by the intermediate server121 according to processing at step S2615 of FIG. 27;

FIG. 30 is a functional block diagram showing the structure of theterminal 114;

FIG. 31 is a functional block diagram showing the structure of theterminal 123; and

FIG. 32 is a functional block diagram showing the structure of theterminal 124.

BEST MODE FOR CARRYING OUT THE INVENTION

First Embodiment

Structure

FIG. 1 is a functional block diagram showing the structure of acommunication system 100 of the first embodiment of the presentinvention. The communication system 100 is composed of an intermediateserver 101, address resolution server 102, a communication terminal 103(hereinafter called “terminal 103”), and a communication terminal 104(hereinafter called “terminal 104”), these compositional elements beingconnected over the Internet 105.

Note that instead of being connected over the Internet, the intermediateserver 101 and the address resolution server 102 may instead have astructure of being connected to the same intranet (for example, a LAN).

Furthermore, while the number of communication terminals in thecommunication system 100 is given as two here for simplicity ofexplanation, the number is not limited to being to two: any pluralnumber of terminals is possible.

Furthermore, terminal denotes a device that has an Internet or intranetconnection function, specific examples of such a device including PCs(personal computers), HDDs (hard disk drives) video recorders, DVDrecorders, TVs (televisions), and PDAs (personal digital assistants).

FIG. 21 shows a specific example of a communication system 200 in whichthe terminals in the communication system 100 are HDD video recorders.Note that since FIG. 21 is a simplified diagram of the communicationsystem 100, the address determination server is not illustrated. Thecommunication system 200 is composed of an HDD video recorder 1030 thatis a connection request source, an HDD video recorder 1040 that is aterminal which is a connection destination, and an intermediate server1010.

FIG. 2 is a functional block diagram showing the structure of theintermediate server 101.

The intermediate server 101 is composed of a control unit 201, atransmission unit 202, a reception unit 203, password issuing unit 204,an encrypt key issuing unit 205, and a storage unit 206.

In terms of hardware, the intermediate server 101 is composed of a CPU,a ROM, a RAM, a hard disk, and the like. Computer programs are stored inthe ROM or the hard disk, and the intermediate server 101 achieves itsfunctions by the CPU operating according to the computer programs.

The reception unit 203 receives query messages transmitted fromterminals and outputs the received query messages to the control unit201. A query message is a message for making a query as to the IPaddress of a terminal that is a connection destination (hereinaftercalled a “callee terminal”). The identifier of the terminal making thequery is specified in the query message. FIG. 5(a) shows a specificexample of a query message.

Here, “QUERY” shows that the message is a query message, “Identifier”shows the identifier of the terminal that is the transmission source ofthe query message (hereinafter called “query terminal”), and “Callee” isthe identifier of the callee terminal.

The reception unit 203 also receives registration request datatransmitted from terminals, and outputs the registration request data tothe control unit 201.

Here, “registration request data” is packet data that includes apermitted-terminal registration command and the IP address of theintermediate server 101. The permitted-terminal registration command iscreated by a terminal, and is a request to register a terminal permittedto connect to the terminal that created the command (hereinafter aterminal permitted to connect to another terminal is called a“connection-permitted terminal”), or to delete a registeredconnection-permitted terminal.

Here, the permitted-terminal registration command includes theidentifier of the terminal that requested the registration, theidentifier of the connection-permitted terminal that the terminal isrequesting to register or delete, and a command showing contents of theregistration processing.

FIG. 3 shows specific examples of permitted-terminal registrationcommands transmitted to the intermediate server 101. FIG. 3(a) shows aspecific example of a command message in the case of newly registeringterminals. “REGISTER” shows that the command expresses registrationprocessing, “Identifier” shows the identifiers of terminals that arepermitted to be connected, “Accept” shows specific processing contentsto be performed by the intermediate server 101 in the registrationprocessing with a statement that follows “Accept” (here the statementincludes “Create”). “Create” expresses a command for newly registering aconnection-permitted terminal, and here the statement including “Create”expresses deleting the identifiers of connection-permitted terminalsthat are already registered and newly registering connection-permittedterminals having identifiers Ib and If.

“Add” in FIG. 3(b) expresses a command for newly adding identifiers ofconnection-permitted terminals in addition to identifiers ofconnection-permitted terminals already registered. Here, the statementincluding “Add” expresses a command for additionally registeringterminals having identifiers Ic and Ie as connection-permittedterminals.

“Delete” in FIG. 3(c) expresses a command for removing a specifiedidentifier from the identifiers of the connection-permitted terminalsalready registered and deleting connection permission. Here, thestatement including “Delete” expresses a command for deleting theidentifier If from among the identifiers of the connection-permittedterminals already registered. Note that the commands “Add” in FIG. 3(b)and “Delete” in FIG. 3(c) may be one command such as shown in FIG. 3(d).

The transmission unit 202 transmits an authentication informationnotification message, which is input from the control unit 201, to acallee terminal.

Here, “authentication information notification message” denotes amessage that includes information used by a terminal that has received arequest for connection acceptance to authenticate the query terminal.Specifically, an authentication information notification message is amessage that is created by the control unit 201 and includes a queryterminal identifier, a password for authenticating the terminal that hasreceived the request, and an encrypt key for encrypting and decryptingcommunication data that is transmitted between terminals.

Here, “communication data” denotes various types of data transmitted andreceived between terminals, such as video data, image data, audio data,and text data.

FIG. 5(e) shows a specific example of an authentication informationnotification message.

Here, “NOTIFY” shows that the message is a notification message, “CallerID” shows the identifier of a query terminal, “Password” shows thepassword, and “Encrypt Key” shows the encrypt key.

The transmission unit 202 also transmits callee notification messagesfrom the control unit 201 to the query terminal.

Here, “callee notification message” denotes a message used to notify theIP address of the callee terminal to the query terminal. Specifically, acallee notification message is a message that is created by the controlunit 201, and includes the callee terminal IP address that the queryterminal queried, a password for authenticating the query terminal, andan encrypt key for encryption and decryption of communication datatransmitted between the callee terminal and the query terminal.

FIG. 5(d) shows a specific example of a callee notification message.

Here, “NOTIFY” shows that the message is a notification message, “CalleeAddress” shows the IP address of the callee terminal, “Password” showsthe password, and “Encrypt Key” shows the encryption key.

In addition, the transmission unit 202 transmits packet data to theaddress resolution server 102. This packet data is input from thecontrol unit 201, and includes an acquisition request command forrequesting acquisition of the IP address of the callee terminal whoseidentifier is specified, the IP address of the intermediate server 101and the IP address of the address resolution server 102. Hereinafter,this packet data is referred to as “acquisition request data”.

The password issuing unit 204 issues a character string that is thepassword, based on a password issue instruction from the control unit201.

Here, the character string issued as the password is a string of upperand lower case letters, numbers, symbols, or a combination of these. Adifferent character string is issued each time. For instance, thepassword issuing unit 204 may arbitrarily select and issue one characterstring as the password from a list of character strings that are randomcombinations of upper and lower case letters, numbers, symbols, or thelike.

The encrypt key issuing unit 205 issues an encrypt key used forencrypting and decrypting of data, according to an encrypt key issuinginstruction from the control unit 201.

Here, it is assumed that the encrypt key issuing unit 205 issues aencrypt key according to shared key encryption in which identicalencrypt keys are used to encrypt data to be transmitted and to decryptthe encrypted data at the reception-side.

The storage unit 206 is composed of a hard disk, a flash memory, or thelike, and stores a permitted terminal table, an allowable communicationdata size threshold value, the computer programs, the address of theaddress resolution server 102, and so on.

Here, “permitted terminal table” denotes a table showing correlationbetween each terminal and terminals that are permitted to connect to theterminal, registered as such by the control unit 201 in response toregistration requests from respective terminals.

Furthermore, “allowable communication data size threshold” denotes athreshold value of an allowable size of communication data. This is usedfor determining whether or not to accept communication data transmittedfrom a terminal in communication data transfer processing describedlater.

Furthermore, “address” denotes, for example, a URL (Uniform ResourceLocator), an IP address, or the like.

FIG. 4 shows a specific example of the permitted terminal table. Theexample shown in FIG. 4 shows that connection to the terminal having theidentifier Ia is permitted from terminals having identifiers Ib, Ic, andIe, and that connection to the terminal having the identifier Ib ispermitted from terminals having identifiers Ia, Ic, If, and Ig.

The control unit 201 controls operation of the other compositionalelements by reading and executing the computer programs stored in thestorage unit 206, and performs processing for registeringconnection-permitted terminals to the permitted terminal table,processing for controlling connection between terminals, and processingfor transferring communication data between terminals.

The following describes in detail the aforementioned three types ofprocessing performed by the control unit 201.

(1) Processing for registering connection-permitted terminals to thepermitted terminal table

On receiving input of registration request data from the reception unit202, the control unit 201 extracts the permitted-terminal registrationcommand from the registration request data, and analyzes the contents ofthe extracted permitted-terminal registration command. Having detected a“REGISTER” command, the control unit 201 recognizes that execution ofregistration processing is being instructed, and executes processingcontents instructed by the permitted-terminal registration command (thecommand instructed by the statement after Accept).

Specifically, when the processing contents are shown by a statement thatincludes “Create”, the control unit 201 refers to the permitted terminaltable to judge whether or not the terminal requesting registration isalready registered. When the terminal is not already registered, thecontrol unit 201 newly registers the identifier of the terminal in thepermitted terminal table in correspondence with the identifier theconnection-permitted terminal that made the registration request. Whenthe terminal is already registered, the control unit 201 deletesregistered connection-permitted terminal identifiers from the permittedterminal table, and newly registers the identifier of theconnection-permitted terminal by which the request for registration isbeing made in the permitted terminal table.

When the processing contents are shown by a statement that includes“Add”, the control unit 201 adds the identifier of theconnection-permitted terminal by which the request to be registered isbeing made in the permitted terminal table, without deleting theconnection-permitted terminals, even if identifiers of otherconnection-permitted terminals are already registered in the permittedterminal table.

When the processing contents are shown by a statement that includes“Delete”, the control unit 201 deletes the identifier of theconnection-permitted terminal for which the delete request was made.

When execution of the described processing contents has ended, thecontrol unit 201 creates a registration result message showing whetheror not the registration processing was successful, and transmits themessage via the transmission unit 202 to the terminal that made theregistration request. As one example, if the registration processing wassuccessful, the control unit 201 creates a message showing “registrationcomplete” (hereinafter called “registration completion message”), and ifthe registration processing failed, the control unit 201 creates amessage showing “registration failed” (hereinafter called “registrationfailure message”). Note that the control unit 201 may create the messageshowing registration completion in the processing state code, or both acharacter string and the processing state code.

(2) Connection Control Processing

On receiving input of a query message from the reception unit 203, thecontrol unit 201 specifies the one or more identifiers of one or moreconnection-permitted terminals in correspondence with the identifier ofthe callee terminal specified in the query message, by referring to thepermitted terminal table stored in the storage unit 206. According towhether the one of the specified identifiers matches the identifier ofthe query terminal, the control unit 201 determines whether or not thequery terminal is a terminal that is permitted to connect to the calleeterminal, and transmits a notification message notifying thedetermination result to the query terminal.

FIG. 5(b) and FIG. 5(c) show specific examples of notification messagestransmitted to the query terminal. FIG. 5(b) shows an example of anotification message showing “connection accepted”, and FIG. 5(c) showsan example of a notification message showing “connection denied”.

When the query terminal is a terminal that is permitted to connect thecallee terminal, the control unit 201 transmits acquisition request datato the address resolution server 102 via the transmission unit 202, and,on acquiring the IP address of the callee terminal from the addressresolution server 102, transmits a notification message showing“connection accepted” to the query terminal.

Next, the control unit 201 instructs the password issuing unit 204 toissue a password and the encrypt key issuing unit 205 to issue anencrypt key, and creates an authentication information notificationmessage from the query terminal identifier, and the password and theencrypt key generated respectively by the password issuing unit 204 andthe encrypt key generation unit 205 in response to the instructions. Thecontrol unit 201 then transmits the created authentication informationnotification message to the callee terminal via the transmission unit202.

Next, the control unit 201 creates a callee notification message fromthe issued password and encrypt key, and the obtained IP address of thecallee terminal, and transmits the created callee notification messageto the query terminal via the transmission unit 202.

When the query terminal is not a terminal that is permitted to connectto the callee terminal, the control unit 201 transmits a notificationmessage showing “connection denied” to the query terminal.

(3) Transfer Processing of Communication Data Between Terminals

On receiving a communication data transfer notification message from thereception unit 203, the control unit 201 determines whether the size ofthe communication data exceeds the allowed communication data sizethreshold, based on data size information included in the communicationdata ask message. When the data size does not exceed the allowedcommunication data size threshold, the control unit 201 creates atransfer acceptance notification message showing “acceptance ofcommunication data permitted”, and transmits the transfer acceptancenotification message to the transfer ask source terminal via thetransmission unit 202. Having received, via the reception unit 203,encrypted communication data transmitted by the terminal in response tothe transfer acceptance notification message, the control unit 201transmits the encrypted communication data to the callee terminal viathe transmission unit 202.

Here, “communication data transfer message” denotes a message that, whencommunication data to be transmitted from the transmission sourceterminal to the callee terminal is highly secret, is transmitted fromthe transmission source terminal (here, the callee) to the intermediateserver 101 in order to ask the intermediate server 101 to transmit thecommunication data. Specifically, the communication data transfermessage includes the identifier of the query terminal, the identifier ofthe callee terminal, data size information of the communication data,and the IP address of the intermediate server 101.

Furthermore, “transfer acceptance notification message” denotes amessage that, when an acceptance request is made from a terminal that isa communication data transmission source, is notified from theintermediate server 101 or the callee terminal to the transmissionsource terminal, and shows whether or not acceptance of communicationdata is permitted. Specifically, the transfer acceptance notificationmessage includes an identifier showing that the message is anotification message, the notification contents, the identifier of thenotification source, and the IP address of the transmission sourceterminal.

The following describes the address resolution server 102. FIG. 6 is afunctional block drawing of the address resolution server 102.

The address resolution server 102 is composed of a control unit 301, atransmission unit 302, a reception unit 303, and a storage unit 304.

In terms of hardware, the address resolution server 102 is composed of aCPU, a ROM, a RAM, a hard disk, and the like. Computer programs arestored in the ROM or the hard disk, and the address resolution server102 achieves its functions by the CPU operating according to thecomputer programs.

The transmission unit 302 transmits packet data input from the controlunit 301 to the intermediate server 101. This packet data includes theIP address of the callee terminal and the IP address of the intermediateserver 101. Hereinafter, this packet data is referred to as “Callee IPaddress data”.

The reception unit 303 receives acquisition request data transmitted bythe intermediate server 101, and packet data transmitted from terminalsconnected to the Internet. This packet data includes the IP address andidentifier of the terminal and the IP address of the address resolutionserver 102. Hereinafter, this packet data is referred to as“connected-terminal IP address data”. The reception unit 303 outputs thereceived acquisition request data and connected-terminal IP address datato the control unit 301.

The storage unit 304 is composed of a hard disk, a flash memory, or thelike, and stores an IP address correspondence table, programs executedby the control unit 301, and so on.

Here, “IP address correspondence table” denotes a table showingcorrelation between terminals connected to the Internet and the IPaddress assigned respectively to each terminal.

FIG. 7 shows a specific example of the IP address correspondence table.The example in FIG. 7 shows that terminals with respective identifiersIa and Ib are connected to the Internet, the terminal whose identifieris Ia is assigned an IP address 202.224.186.81 and the terminal whoseidentifier is Ib is assigned an IP address 202.224.186.82.

On receiving input of connected-terminal IP address data from thereception unit 303, the control unit 301 extracts the IP address andidentifier of the terminal from the IP address data, and registers theextracted IP address and identifier in correspondence in the IP addresscorrespondence table.

Furthermore, on receiving input of acquisition request data from thereception unit 303, the control unit 301 extracts the identifier of thecallee terminal from the acquisition request data, and refers to the IPaddress correspondence table stored in the storage unit 304 to specifythe IP address corresponding to the identifier. The control unit 301then creates callee IP address data from the specified IP address andthe IP address of the intermediate server 101, and transmits the createdcallee IP address data to the intermediate server 101 via thetransmission unit 302.

Next, the terminal 103 and the terminal 104 are described. The twoterminals are identical in structure, FIG. 20 being a functional blockdiagram showing the structure. Each terminal is composed of a controlunit 401, a transmission unit 402, a reception unit 403, an encryptionunit 404, a decryption unit 405, a storage unit 406, and an input unit407.

In terms of hardware, each terminal is composed of a CPU, a ROM, a RAM,a hard disk, and the like. Computer programs are stored in the ROM orthe hard disk, and the terminal achieves its functions by the CPUoperating according to the computer programs.

Each terminal pre-stores, in the storage unit 406, addresses of theintermediate server 101 and the address resolution server 102, varioustypes of communication data such as video data, image data, audio data,and text data, a communication data secrecy determination table, and soon.

Here, “communication data secrecy determination table” denotes a tableshowing correlation between various communication data and secrecydetermination identifiers that show whether or not respectivecommunication data is secret.

Note that it is assumed that communication data is determined to besecret or not, for example, by instruction from the user via the inputunit 407 at the time of recording the communication data, and that thecontrol unit 401 sets the communication data secrecy identifiers in thecommunication data secrecy table in accordance with the userinstruction.

Each terminal, on connecting to the Internet, transmits the IP addressassigned by a provider server (not illustrated) and the terminalidentifier to the address resolution server 102 via the transmissionunit 402.

In addition, each terminal performs connection-permitted-terminalregistration processing, connection establishment processing with otherterminals, connection acceptance processing of connection from otherterminals, and communication data transmission control processing afterestablishing connection with another terminal. The following describeseach processing in detail.

(1) Connection-Permitted Terminal Registration Request Processing

The control unit 401 creates registration request data based on anidentifier a connection-permitted terminal input from the input unit 407by the user and the IP address of the intermediate server 101, andtransmits the created registration request data to the intermediateserver 101. On receiving, from the intermediate server 101 via thereception unit 403, a registration result message showing whether or notregistration processing for registering the connection-permittedterminal in the permitted terminal table was successful, the controlunit 401 ends the processing.

(2) Connection Establishment Processing with Other Terminals

On receiving, from the user via the input unit 407, input of a queryinstruction with respect to an IP address of a terminal that is to be acallee, the control unit 401 transmits a query message to theintermediate server 101 via the transmission unit 402, and receives anotification message transmitted by the intermediate server 101 via thereception unit 403.

When the notification message shows “connection denied”, the controlunit 401 ends the processing. When the notification message shows“connection accepted”, the control unit further receives a calleenotification message from the intermediate server 101 via the receptionunit 403.

Next, the control unit 401 creates a connection acceptance requestmessage using the password included in the callee notification messagereceived from the reception unit 403 and the terminal identifier, andencrypts the created connection acceptance request message via theencryption unit 404 using the encrypt key included in the receivedcallee notification message. The control unit 401 then transmits theencrypted connection acceptance request message to the callee terminalvia the transmission unit 402, to make a connection acceptance request.

FIG. 5(f) shows a specific example of a connection acceptance requestmessage. “REQUEST” shows that the message is a connection acceptancerequest message, “Identifier” shows the identifier of the terminalmaking the request, and “Password” is the password written in theconnection acceptance message.

Furthermore, on receiving a notification message showing a determinationresult of whether the connection is accepted from the callee terminal,the control unit 401 interprets the contents of the notificationmessage, and determines whether the connection is accepted.

When the notification message shows “connection denied”, the controlunit 401 ends the processing. When the notification message shows“connection accepted”, the control unit 401 commences data communicationwith the callee terminal, and performs communication data transmissioncontrol processing described later.

(3) Connection Acceptance Processing of Connection from Other Terminals

On receiving an authentication information notification message from theintermediate server 101, the control unit 401 acquires the queryterminal identifier, the password, and the encrypt key from theauthentication information notification message.

Furthermore, on receiving a connection acceptance request message fromanother terminal via the reception unit 403, the control unit 401decrypts the connection acceptance request message via the encryptionunit 405 using the acquired encrypt key, and acquires the terminalidentifier and password from the connection acceptance request message.The control unit 401 then compares the acquired identifier and passwordrespectively with the identifier and password acquired earlier from theauthentication information notification message.

When both the identifiers and the passwords match, the control unit 401creates a notification message showing “connection accepted”, encryptsthe notification message via the encryption unit 404 using the acquiredencryption key, transmits the encrypted notification message via thetransmission unit 402 to the terminal that made the connectionacceptance request, and commences data communication with the terminal.

When the identifiers or the passwords do not match, the control unit 401creates a notification message showing “connection denied”, transmitsthe notification message via the transmission unit 402 to the terminalthat made the connection acceptance request, and ends communication withthe terminal.

(4) Communication Data Transmission Control Processing

On receiving a designation of communication data to be transmitted to acallee terminal from the user via the input unit 407, the control unit401 reads the designated communication data from the storage unit 406,and refers to the communication data secrecy determination table storedin the storage unit 406 to determine whether the designatedcommunication data is secret. When the communication data is secret, thecontrol unit 401 creates a communication data transfer notificationmessage, and transmits the communication data transfer notificationmessage to the intermediate server 101 and the callee terminal. Next, onreceiving a transfer acceptance notification message indicating“communication data acceptance permitted” from the intermediate server101 and the callee terminal via the reception unit 403, the control unit401 encrypts the designated communication data using the encrypt keyincluded in the callee notification message received via the receptionunit 403, and transmits the encrypted communication data to theintermediate server 101 via the transmission unit 402.

When the designated communication data is not secret data, the controlunit 401 transmits the read communication data directly to the calleeterminal without encrypting the communication data.

As one example, using the communication system 200 shown in FIG. 21, auser can transmit video data of an athletics meet that is recorded in ahard disk video recorder to the hard disk video recorder at the home ofa relative or grandparent, over the Internet via the intermediate serverin an encrypted form. This enables relatives or grandparents living in adistant location to enjoy recorded video without the risk of thetransmitted video data being decoded by another party during thetransmission process.

Furthermore, when viewing of communication data by other parties posesno particular problem, such as in the case of a recorded TV programs,the communication data can be transmitted directly to a connected HDDrecorder, and the recorded TV program enjoyed by the relatives orgrandparents.

Operations

First a description is given of operations for IP address transmissionprocessing by the address response server 102 after having receivedacquisition request data from the intermediate server 101.

FIG. 8 is a flowchart showing the operations. The following describesthe operations with reference to FIG. 8.

The reception unit 303, on receiving acquisition request data from theintermediate server 101 (step S801), outputs the received acquisitionrequest data to the control unit 301.

On receiving input of the obtain request data from the reception unit303, the control unit 301 extracts the callee terminal identifier fromthe acquisition request data (step S802), and refers to the IP addresstable stored in the storage unit 304 to determine whether or not theidentifier is registered in the IP address table (step S803).

When the identifier is registered in the IP address table (step S803:Y), the control unit 301 specifies, from the IP address table, the IPaddress corresponding to the identifier (step S804), and creates calleeIP address data from the IP address and the IP address of theintermediate server 101 (step S805). The control unit 301 then transmitsthe created callee IP address data to the transmission unit 302 via theintermediate server 101 (step S806).

When the identifier is not registered in the IP address table (stepS803: N), the control unit 301 creates a messaged indicating “notregistered” (hereinafter called “non-registration message”), andtransmits the non-registration message via the transmission unit 302 tothe intermediate server 101 (step S807).

Next, a description is given of the operations for connection-permittedterminal registration request processing performed by the terminals.FIG. 9 is a flowchart showing the operations. The following describesthe operations with reference to FIG. 9.

Note that for brevity, the operations are described in terms of theterminal 104 making a request to register the terminal 103 as aconnection-permitted terminal.

The terminal 104 creates registration request data (step S901), andtransmits the created registration request data to the intermediateserver 101 (step S902). This causes the intermediate server 101 tocommence registration processing for registering theconnection-permitted terminal (the terminal 103 here) to the permittedterminal table (step S1000), and when the registration processing hasfinished, the terminal 104 receives a registration result message fromthe intermediate server 101 (step S903).

Next a description is given of operations in the registration processingby the intermediate server 101 for registering a connection-permittedterminal to the permitted terminal table (step S1000).

FIG 10 is a flowchart showing the operations. The following describesthe operations with reference to FIG. 10.

On receiving registration request data from the terminal 104 (stepS1001), the reception unit 203 outputs the received registration requestdata to the control unit 201.

On receiving input of the registration request data from the receptionunit 203, the control unit 201 extracts the permitted-terminalregistration command from the registration request data (step S1002),and analyzes the contents of the extracted permitted-terminalregistration command (step S1003). Having recognized that execution ofregistration processing is being instructed, the control unit 201executes the processing contents instructed by the permitted-terminalregistration command (step S1004), and determines whether or notexecution of the processing contents succeeded (step S1005).

When execution has succeeded (step S1005: Y), the control unit 201creates a registration completion message, and transmits theregistration completion message to the terminal 104 via the transmissionunit 202 (step S1006). When execution has failed (step S1005: N), thecontrol unit 201 creates a registration failure message, and transmitsthe registration failure message to the terminal 104 via thetransmission unit 202 (step S1007).

Next, a description is given of operations by the terminals forconnection establishment processing with other terminals. FIG. 11 is aflowchart showing the operations. The following describes the operationswith reference to FIG. 11.

Note that for brevity, the operations are described in terms of theterminal 103 establishing a connection with the terminal 104.

The terminal 103 transmits a query message for making a query to theintermediate server 101 as to the address of the terminal 104 (stepS1101).

On receiving a notification message from the intermediate server 101 asa response to the query message (step S1102), the terminal 103 analyzesthe contents of the notification message (step S1103), and determineswhether or not the notification message shows “connection accepted”(step S1104).

When the notification message shows “connection denied” (step S1104:N),the terminal 103 ends the processing. When the notification messageshows “connection accepted” (step S1104: Y), the terminal 103 furtherreceives a callee notification message (step S1105), and creates aconnection acceptance request message using the password included in thereceived callee notification message and the identifier of the terminal103 (step S1106). The terminal 103 then encrypts the created connectionacceptance request message using the encrypt key included in thereceived callee notification message, and transmits the connectionacceptance request message to the terminal 104 to makes a connectionacceptance request to the terminal 104 (step S1107). On receiving anotification message showing a judgment result of whether or notacceptance is permitted from the terminal 104 (step S1108), the terminal103 analyzes the contents of the notification message, and determineswhether or not the connection acceptance is permitted (step S1109).

When the notification message shows “connection denied” (step S1109:N),the terminal 103 ends the processing. When the notification messageshows “connection accepted” (step S1109: Y), the terminal 103 commencesdata communication with the terminal 104 (step S1110).

Next, a description is given of operations by the intermediate server101 at step S1101 in connection control processing when having receiveda query message. FIG. 12 is a flowchart showing the operations. Thefollowing describes the operations with reference to FIG. 12.

On receiving a query message transmitted by the terminal 103 (stepS1201), the reception unit 203 outputs the query message to the controlunit 201.

On receiving input of the query message from the reception unit 203, thecontrol unit 201 specifies the connection-permitted terminal identifiersin correspondence with the identifier of the terminal 104 that isspecified in the query message, by referring to the permitted terminaltable stored in the storage unit 206 (step S1202). The control unit 201then determines whether the terminal 103 is a terminal permitted toconnect to the terminal 104 according to whether or not any of thespecified identifiers match the identifier of the terminal 103 (stepS1203).

When the terminal 103 is a terminal permitted to connect to the terminal104 (step S1203: Y), the control unit 201 transmits acquisition requestdata to the address resolution server 102 via the transmission unit 202(step S1204). This causes the address resolution server 102 to performthe processing at step S801 to step S807 shown in FIG. 8, and thecontrol unit 201 then determines whether or not the IP address of theterminal 104 has been acquired from the address determination server 102(step S1205).

When the IP address has been acquired (step S1205: Y), the control unit201 transmits a notification message showing “connection accepted” viathe transmission unit 202 to the terminal 103 (step S1206), causing theterminal 103 to perform the processing at step S1102 onwards in FIG. 11.

Furthermore, the control unit 201 gives a password issue instruction tothe password issuing unit 204 and an encrypt key issuing instruction tothe encrypt key issuing unit 205, and creates an authenticationinformation notification message from the identifier of the queryterminal 103 and the password and encryption key issued respectively bythe password issuing unit 204 and the encrypt key issuing unit 205 inresponse to the instructions (step S1207). The control unit 201 thentransmits the created authentication information notification messagevia the transmission unit 202 to the terminal 104 (step S1208).

Next, the control unit 201 creates a callee notification message fromthe issued password and encrypt key and the obtained IP address of theterminal 104 (step S1209), and transmits the callee notification messagevia the transmission unit 202 to the terminal 103 (step S1210).

At step S1203, when the terminal 103 is not a terminal permitted toconnect to the terminal 104 (step S1203: N), or at step S1205, when anon-registration message is received from the address resolution server102 and the IP address of the terminal 104 was unable to be received(step S1205: N), the control unit 201 transmits a notification messageshowing “connection denied” to the terminal 103 (step S1211).

Next, a description is given of operations by the intermediate server101 in transfer processing for transferring communication data betweenterminals. FIG. 22 is a flowchart showing the operations. The followingdescribes the operations with reference to FIG. 22.

On receiving a communication data transfer notification message from thereception unit 203 (step S2201), the control unit 201 determines whetheror not the size of the communication data exceeds the allowedcommunication data size threshold, based on the communication data sizeinformation included in the communication data transfer notificationmessage (step S2202).

When the size does not exceed the threshold (step S2202: N), the controlunit 201 creates a transfer acceptance notification message showing“communication data acceptance permitted”, and transmits the transferacceptance notification message to the query terminal via thetransmission unit 202 (step S2203). On receiving encrypted communicationdata via the reception unit 203 from the terminal in response to thetransfer acceptance notification message (step S2204), the control unit201 transmits the received encrypted communication data to the calleeterminal via the transmission unit 202 (step S2205).

When the size of the communication data exceeds the allowedcommunication data size at step S2202 (step S2202: Y), the control unit201 creates a transfer acceptance notification message showing“communication data acceptance not permitted”, and transmits thetransfer acceptance notification message to the query terminal via thetransmission unit 202 (step S2202).

Next, a description is given of operations for connection acceptanceprocessing of a connection from another terminal, performed at stepS1107 of FIG. 11 by the terminal 104 to which a connection acceptancerequest has been made by the terminal 103. FIG. 13 is a flowchart of theoperations. The operation are described with use of FIG. 13.

Before receiving the connection acceptance request from the terminal103, on receiving an authentication information notification messagefrom the intermediate server 101 at step S1208 in FIG. 12 (step S1301),the terminal 104 acquires the identifier of the terminal 103 and thepassword and encrypt key from the authentication informationnotification message (step S1302).

Furthermore, when receiving a connection acceptance request from theterminal 103 by receiving a connection acceptance request message (stepS1303), the terminal 104 decrypts the connection acceptance requestmessage using the acquired encrypt key, and acquires the identifier andpassword of the terminal 103 from the connection acceptance requestmessage (step S1304). The terminal 104 then compares the acquiredidentifier and password respectively with the identifier and passwordacquired earlier from the authentication information message (stepS1305), and determines whether the identifiers and passwords matchrespectively (step S1306).

When both the identifiers and the passwords match (step S1306: Y), theterminal 104 creates a notification message showing “connectionaccepted” (step S1307), encrypts the notification message using theacquired encrypt key, transmits the encrypted notification message tothe terminal 103 that made the connection acceptance request (stepS1308), and commences data communication with the terminal 103 (stepS1309).

When the identifiers or the passwords do not match at step S1306 (stepS1306: N), the terminal 103 creates a notification message showing“connection denied” (step S1310), encrypts the notification messageusing the acquired encrypt key, transmits the encrypted notificationmessage to the terminal 103 that made the connection acceptance request(step S1311), and terminates the connection with the terminal 103 (stepS1312).

Next, a description is given of operations by the terminals forcommunication data transmission control processing. FIG. 23 is aflowchart showing the operations. The following describes the operationswith reference to FIG. 23.

Note that for brevity, operations are described in terms of the terminal103 being the transmission source of communication data, and theterminal 104 being the transmission destination of the communicationdata.

After the terminal 103 commences communication with the terminal 104 atstep S1309 and receives a designation from the user via the input unit407 of communication data to be transmitted to the callee terminal (stepS2301), the control unit 401 of the terminal 103 reads the communicationdata from the information storage unit 406, and refers to thecommunication data secrecy determination table stored in the storageunit 406 to determine whether or not the designated communication datais secret (step S2302).

When the designated communication data is secret data (step S2302: Y),the control unit 401 creates a communication data transfer notificationmessage, and transmits the data transfer notification message to theintermediate server 101 and the terminal 104 (step S2303). On receivinga connection acceptance notification message showing “communication dataacceptance permitted” from the intermediate server 101 and the terminal104 (step S2304: Y), the control unit 401 encrypts the readcommunication data using the encrypt key included in the received calleenotification message, and transmits the encrypted communication data tothe intermediate server 101 (step S2305).

At step S2303 when the designated communication data is not secret(S2303: N), the control unit 401 transmits the read communication datadirectly to the terminal 104 (step S2306).

On receiving a connection acceptance notification message showing“communication data acceptance not permitted” from the intermediateserver 101 or the terminal 104 at step S2304 (step S2304: N), thecontrol unit 401 ends the communication data transmission processing.

Second Embodiment

Operations in the present embodiment differ from the first embodiment inthat, before communicating with a callee terminal, the intermediateserver (an intermediate server 111 in the second embodiment) makes aquery to the callee terminal about the state of the terminal, determineswhether or not the state of the callee terminal is one of being able toaccept communication, and notifies the query terminal if the calleeterminal is unable to accept communication. Compositional elements thatare identical to those in the communication system 100 of the firstembodiment have the same numbering thereas. The following descriptionfocuses on aspects that differ from the first embodiment.

FIG. 14 is a functional block diagram showing the structure of acommunication system 110 of the second embodiment of the presentinvention. The communication system 110 is composed of an intermediateserver 111, the address resolution server 102, the terminal 103, and aterminal 114, these compositional elements being connected over theInternet 105.

FIG. 15 is a functional block diagram showing the structure of theintermediate server 111.

The intermediate server 111 is composed of a control unit 211, thetransmission unit 202, the reception unit 203, the password issuing unit204, the encrypt key issuing unit 205, and the storage unit 206.

Operations of the control unit 211 differ from operations of the controlunit 201 of the first embodiment in terms of the connection controlprocessing. The following description of the operations for connectioncontrol processing performed by the control unit 211 focuses on thoseaspects that differ from the operations for the connection controlprocessing shown in FIG. 12. FIG. 16 is a flowchart showing theoperations. The following describes the operations with reference toFIG. 16.

Operations for the processing from step S1201 to step S1205 are the sameas in the first embodiment shown in FIG. 12, and therefore a descriptionthere of is omitted.

Here, the processing at step S1201 through to step S1210 in FIG. 16 isthe same as the steps having the same numbering in FIG. 12, if “theterminal 104” is read as being “the terminal 114”. Therefore steps thatcorrespond to steps in FIG. 12 are given the same numbering thereas inorder to make the correlation between the steps clear.

After performing the processing from step S1201 to step S1205, when theIP address of the terminal 114 was acquired at step S1205 (step S1205:Y), the control unit 211 transmits an acceptance state query message forinquiring to the terminal 114 whether or not the terminal 114 is in aconnection acceptable state (step S1606). On receiving a notificationmessage showing a response from the terminal 114 (step S1607), thecontrol unit 211 analyzes the notification message and determineswhether or not the notification message indicates “in connectionacceptable state” (step S1608).

FIG. 17(a) shows a specific example of an acceptance state query messagetransmitted to the terminal 114 in the above operations. Here, “QUERY”shows that the message is a query message, and “STATUS” shows that thecontents of the query are a query as to the connection acceptable state.

FIG. 17(b) and FIG. 17(c) show specific examples of notificationmessages showing responses from the terminal 114. “NOTIFY” shows thatthe message is a notification message. “STATUS Acceptable” in FIG. 17(b)shows that the terminal 114 is in a state of being able to acceptconnection, and “STATUS Busy” in FIG. 17(c) shows that the terminal 114is a state of denying connection.

When the notification message shows “connection acceptable state” (stepS1608: Y), the control unit 211 performs the processing at step S1206 tostep S1210 of FIG. 12. When the notification message shows “connectionacceptance denial state” (step S1608: N), the control unit 211 performsthe same processing as at step S1211 of FIG. 12.

In addition to the functions of the terminal 104, the terminal 114 has afunction of measuring the load on the CPU by continually measuring thenumber of times the RAM is accessed by the CPU in a set time period.Furthermore, the terminal 114 stores a CPU load upper limit valueshowing the upper limit of the load.

Specifically, the terminal 114 is composed of a control unit 411, thetransmission unit 402, the reception unit 403, the encryption unit 404,the decryption unit 405, a storage unit 416, and the input unit 407. Inaddition to the functions of the control unit 401, the control unit 411has the function of measuring the load of the CPU. In addition to thefunctions of the storage unit 406, the storage unit 416 has the functionof storing the CPU load upper limit value. FIG. 30 is a functional blockdiagram showing the structure of the terminal 114.

Next a description is given of operations of the terminal 114 forconnection acceptable state notification processing which accompaniesconnection control processing by the control unit 211. This connectionacceptable state notification processing is executed before processingidentical to the connection acceptance processing in FIG. 13. FIG. 18 isa flowchart showing the operations. The following describes theoperations with reference to FIG. 18.

After performing step S1606 of FIG. 16, on receiving an acceptance statequery message from the intermediate server 111 (step S1801), theterminal 114 judges whether the CPU load exceeds the CPU load upperlimit value (step S1802).

When the CPU load upper limit value is not exceeded (step S1802: N), theterminal 114 transmits a notification message showing “connectionacceptable state” to the intermediate server 111 (step S1803). When theCPU load upper limit value is exceeded (step S1802: Y), the terminal 114transmits a notification message showing “connection denial state” tothe intermediate server 111 (step S1804).

Third Embodiment

Operations in the present embodiment differ from the second embodimentin that when a callee terminal is in a state of being unable to connectto a query terminal, the intermediate server (an intermediate server 121in the third embodiment) temporarily stores communication data inresponse to a communication data storage ask from the query terminal,and then transfers the stored communication data to a callee terminalwhen the callee terminal becomes able to communicate. Compositionalelements that are identical to those in the communication system 110 ofthe second embodiment have the same numbering thereas. The followingdescription focuses on aspects that differ from the second embodiment.

FIG. 24 is a functional block diagram showing the structure of thecommunication server 120 of the third embodiment of the presentinvention. The communication system 120 is composed of the intermediateserver 121, the address resolution server 102, a terminal 123, and aterminal 124, these compositional elements being connected over theInternet 105.

FIG. 25 is a functional block diagram showing the structure of theintermediate server 121.

The intermediate server 121 is composed of the control unit 221, thetransmission unit 202, the reception unit 203, the password issuing unit204, the encrypt key issuing unit 205, and a storage unit 226.

Operations of the control unit 221 differ from operations of the controlunit 211 of the second embodiment in terms of the connection controlprocessing. The following description of the operations for connectioncontrol processing performed by the control unit 221 focuses on thoseaspects that differ from the operations for the connection controlprocessing shown in FIG. 16. FIG. 26 and FIG. 27 are flowcharts showingthe operations. The following describes the operations with reference toFIG. 26.

Here, the processing at step S1201 through to step S1210 in FIG. 26 isthe same as the steps having the same numbering in FIG. 16, if “theterminal 114” is read as being “the terminal 124”. Therefore steps thatcorrespond to steps in FIG. 16 are given the same numbering thereas inorder to make the correlation between the steps clear.

After performing the processing at steps S1201 to S1205 and S1606 toS1608, when the notification message shows “not in connection acceptablestate” at step S1608 (step S1608: N), the control unit 221 creates atransfer ask query message for making a query to the a terminal (theterminal 123 here) as to whether the terminal will ask for transfer ofcommunication data, and transmits the transfer ask query message via thetransmission unit 202 to the terminal 123 (step S2611). The control unit221 then receives a transfer request query response notification messagethat is a notification message responding to the transfer ask querymessage, from the terminal 123 via the reception unit 203 (step S2612),and analyzes the transfer ask query response notification message todetermine whether or not the transfer request query responsenotification message shows “asking for transfer of communication data”(step S2613).

Here, “transfer ask query message” denotes a message that is created bythe control unit 221 and is for querying whether or not a terminal (theterminal 123 here) will ask for transfer of communication data. Thetransfer ask query message includes an identifier showing that themessage is a query message, an identifier showing of the intermediateserver 121 which is the source of the query, the contents of the query,and the IP address of the terminal 123.

Furthermore, “transfer ask query response notification message” denotesa message that is created by a terminal (the terminal 123 here) and thatis a response to a transfer ask query message. The transfer requestquery response notification message includes an identifier showing thatthe message is a notification message, the identifier of the terminal123 which is the transmission source terminal, the IP address of theintermediate server 121, and the response contents.

When the transfer ask query response message shows “asking for transferof communication data” (step S2613: Y), the control unit 221 creates acommunication data transmission request message, and transmits thecreated communication data transmission request message to the terminal123 via the transmission unit 202 (step S2614). Furthermore, the controlunit 221 creates a transfer ask notification message and transmits thetransfer ask notification message to the terminal 124 (step S2615), andon acquiring communication data from the terminal 123 via the receptionunit 203 (step S2616), records the communication data in correspondencewith the identifier of the terminal 123, which is the transmissionsource of the communication data, and the identifier of the terminal124, which is the transmission destination, in the storage unit 226(step S2617). On acquiring a transfer ask data transfer request messagefrom the terminal 124 via the reception unit 203 (step S2618), thecontrol unit 221 reads, from the storage unit 226, the communicationdata in correspondence with the transmission source terminal identifierand the transmission destination terminal identifier included in thetransfer ask data transfer request message, and transfers thecommunication data to the terminal 124 via the transmission unit 203(step S2619).

Here, “communication data transmission request message” refers to amessage that is created by the control unit 221 and transmitted to theterminal asking for transfer of communication data (the terminal 123here), and is for requesting transmission of communication data forwhich transfer is requested. The communication data transmission requestmessage includes an identifier showing that the message is a requestmessage, the contents of the request, the identifier of the intermediateserver 121 that is the request source, and the IP address of theterminal 123.

Furthermore, “transfer ask notification message” denotes a message thatis created by the control unit 221 and that is for notifying thattransfer of communication data has been asked for by the query terminal(the terminal 123 here). The transfer ask notification message includesan identifier showing that the message is a notification message, thenotification contents, the identifier of the intermediate server 121,the identifier of the transfer request source terminal (the terminal 123here), and the IP address of the terminal 124.

Furthermore, “transfer ask data transfer request message” denotes amessage that is created and transmitted by the transfer request sourceterminal (the terminal 124 here) and that is for requesting transfer ofcommunication data stored by the intermediate server 121. The transferrequest data transfer request message includes an identifier showingthat the message is a request message, the request contents, theidentifier of the terminal that is the communication data transfer asksource (the terminal 123 here), the identifier of the terminal that isthe transfer request source (the terminal 124 here), and the IP addressof the intermediate server 121.

Next, a description is given of operations by the terminal 123 forcommunication data transfer ask processing when having received atransfer ask query message transmitted by the intermediate server 121according to the processing at step S2611. The terminal 123, as shown inFIG. 31, is composed of a control unit 421, the transmission unit 402,the reception unit 403, the encryption unit 404, the decryption unit405, the storage unit 406, and the input unit 407. The control unit 421,in addition to the functions of the control unit 411, performs thefunction described above.

Note that the control unit 421 may include the functions of a controlunit 431 of the terminal 124 described later.

Furthermore, the storage unit 406 may include the functions of a storageunit 436 described later.

FIG. 28 is a flowchart of the operations.

The following describes the operations with reference to FIG. 28.

On acquiring a transfer ask query message via the reception unit 403from the intermediate server 121 (step S2801), the control unit 421creates a transfer ask query response notification message based on auser instruction input via the input unit 407 (step S2802), andtransmits the created transfer ask query response notification messageto the intermediate server 121 (step S2803). On receiving acommunication data transfer request message from the intermediate server121 (step S2804), the control unit 421 reads, from among the varioustypes of communication data stored in the storage unit 406,communication data specified according to a user instruction input viathe input unit 407, and transmits the read communication data to theintermediate server 121 (step S2805).

Next, a description is given of operations by the terminal 124 forcommunication data acceptance control processing when having received atransfer ask notification message according to the processing at stepS2615 by the intermediate server 121. The terminal 124, as shown in FIG.32, is composed of the control unit 431, the transmission unit 402, thereception unit 403, the encryption unit 404, the decryption unit 405,the storage unit 436, and the input unit 407. In addition to thefunctions of the control unit 411, the control unit 431 performs theprocessing described above.

Note that the control unit 431 may include the functions of the controlunit 421.

Furthermore, the storage unit 436 stores a transfer ask source list, inaddition to having the functions of the storage unit 416.

Here, “transfer ask source list” denotes a list of identifiers ofterminals that are a transfer ask source of communication data notifiedvia a transfer ask notification message from the intermediate server.Each time a transfer ask notification message is notified to theterminal 124, the transfer ask source terminal identifier included inthe transfer ask notification message is extracted by the control unit431, and added to the transfer ask source list. Each time control datafrom a transfer ask source already included in the list is acquired bythe control unit 431, the control unit 431 deletes the identifier of thetransfer ask source from the list.

FIG. 29 is a flowchart showing the operations.

On receiving a transfer ask notification message via the reception unit403 (step S2901), the control unit 431 acquires the transfer ask sourceidentifier from the transfer ask notification message, and adds thetransfer ask source identifier to the transfer destination ask sourcelist (step S2902). The control unit 431 the determines whether or notthe terminal 124 is in a state of being able to accept the communicationdata for which the transfer ask is being made, according to whether ornot the CPU load exceeds the CPU load upper limit value (step S2903).

When the CPU load upper limit value is not exceeded, the control unit431 determines that the terminal 124 is in a state of being able toacquire the communication data (step S2903: Y), and refers to thetransfer ask source list stored in the storage unit 436 to determinewhether or not the communication data waiting to be transferred is heldin the intermediate server 121, according to whether or not the transferask source identifier is recorded in the transfer ask source list (stepS2904).

When the transfer ask source identifier is recorded in the transfer asksource list, the control unit 431 determines that the communication datawaiting to be transferred is held in the intermediate server 121 (stepS2904: Y), creates a transfer ask data transfer request message based onthe transfer ask source identifier, and transmits the transfer ask datatransfer request message to the intermediate server (step S2905). Thecontrol unit 431 then acquires the communication data for which atransfer ask has been made by the transfer ask source terminal from theintermediate server 121 via the reception unit 403, and records theacquired communication data in the storage unit 436 (step S2906).

At step S2903, when the CPU load exceeds the CPU load upper limit (stepS2903: N), the control unit 431 continues to measure the CPU load (stepS2907), and proceeds to step S2903.

Although preferred embodiments of the present invention have beendescribed, the present invention is, of course, not limited to thesepreferred embodiments.

(1) In the first to third embodiments, the intermediate server and theaddress resolution server are separate compositional elements of thecommunication systems 100, 110, and 120. However, the intermediateserver may include the functions of the address resolution server. Insuch a case the communication systems 100, 110, and 120 have a structurethat does not include an address resolution server.

Specifically, the intermediate server 101, 111, or 121 acquires, via thereception unit 203, the IP address and identifier transmitted fromterminals connected to the Internet, creates an IP addresscorrespondence table, and registers the IP address correspondence tablein the storage unit 206.

(2) In the first to third embodiments, the address resolution server 102registers IP addresses of terminals to the IP address correspondencetable based on the IP address and the identifier of a terminal that aretransmitted directly from the terminal to the address resolution server.However, the registration may be performed by the intermediate server101, 111, or 121 receiving the IP addresses and identifiers transmittedfrom the terminals, and then transmitting the IP addresses andidentifiers to the address resolution server 102 which then registersthe IP addresses and identifiers.

As an alternative, the address resolution server 102 may receive aterminal identifier directly from a terminal or via the intermediateserver 101, 111, or 121, obtain the IP address of the terminal of theidentifier by making a query to the server of the provider thatallocated the IP address to the terminal, and obtaining the IP addressfrom the server. The address resolution server 102 then registers theobtained IP address in the IP address correspondence table.

(3) In the first to third embodiments, the address resolution server 102registers each terminal identifier in correspondence with the IP addressof the terminal in the IP address correspondence table. However, insteadof acquiring each IP address from the terminals, the address resolutionserver 102 may acquire information (a domain name, for instance) thatspecifies the IP address, and register the information in the IP addresscorrespondence table. Furthermore, the address resolution server 102 maytransmit the information to the intermediate server 101 or 111 as aresponse to acquisition request data from the intermediate server. Inthis case, having acquired the information, the intermediate server mayacquire the IP address by, for instance, querying a DNS server about theIP address corresponding to the information.

(4) In the first to third embodiments, the identifier of the terminalsmay be anything that differentiate terminals, an example being anythingthat is easily remembered by users, such as a telephone number, or acombination of a user name and address.

Furthermore, connection permission may be registered using identifiersthat express specific terminal groups. This enables a terminal to giveconnection permission to groups of other terminals by registering thegroup identifier as a connection-permitted terminal identifier in theintermediate server 101 or 110.

(5) In the first to third embodiments, the terminal 103 may performauthentication processing before query message transmission/receptionprocessing shown by step S1101 in FIG. 11 and step S1201 in FIG. 12,FIG. 16, and FIG. 26.

Specifically, before transmitting the query message, the terminal 103transmits its identifier and a password for authentication, and theintermediate server 101, 111, or 121 performs authentication processingof the terminal 103 by comparing the received password with a comparisonpassword stored in correspondence with the identifier of the terminal103 or 123 in advance in the storage unit 206 or 226. The processingfrom step S1201 onwards in FIG. 12 (FIG. 16 in the case of theintermediate server 111, and FIG. 26 in case of the intermediate server121) is performed when the passwords match.

This kind of authentication processing may be performed by the terminal104, 114, or 124 and the intermediate server 101, 111, and 121 beforecommencing communication.

Note that a method other than the described method may be used forauthentication. For instance, certificates issued by a certificationauthority may be exchanged.

(6) In the operations for connection control processing by theintermediate server in the first and second embodiments as shown in FIG.12 and FIG. 16, when the result of the determination at step S1203, stepS1205 (FIG. 12 and FIG. 16) and step S1608 (FIG. 16) is “denied”, thenotification message “connection denied”, as shown in FIG. 5(c), istransmitted to the terminal 103. However, communication messages ofdiffering contents may be transmitted at each of the described steps.

For instance, the notification message shown in FIG. 5(c) may betransmitted to the terminal 103 at step S1203, the notification messageshown in FIG. 5(g) may be transmitted to the terminal 103 at step S1205,and the notification message shown in FIG. 5(h) may be transmitted tothe terminal 103 at step S1608.

Alternatively, a message notifying the reason that connection was deniedmay be transmitted at each of the steps.

For instance, a notification message indicating that the terminal is nota terminal permitted as a callee terminal may be transmitted at stepS1203. A notification message indicating that the IP address of thecallee terminal was not able to be acquired may be transmitted at stepS1205. A notification message indicating that the callee terminal is notin a connection acceptable state may be transmitted at step S1608.

This enables the party making the query to know why it is unable toconnect to the callee terminal.

(7) In the first to third embodiments, communication between theterminals and the intermediate server 101, 111, or 121 may be performedusing SSL (Secure Socket Layer) or TSL (Transport Layer Security).

This is effective in preventing interception of data.

(8) In the first to third embodiments, the port number with which theterminal 104 or the terminal 114 receives the connection from theterminal 103, or the port number with which the terminal 124 receivesthe connection from the terminal 123 maybe a predetermined port number(for instance, an internationally stipulated Well-known Port Number).Alternatively, port numbers may be registered together with IP addressesin the IP address correspondence table stored in the storage unit 304 ofthe address resolution server 102, and the terminal 103 or 123 mayreceive a connection reception port number of the callee terminal (theterminal 104, 114 or 124) via the intermediate server 101, 111, or 121.

This enables a unique connection reception port number to be registeredfor each callee terminal, and therefore a callee terminal is able to beaccessed only by terminals that designate the unique port number. Thisis effective in preventing illegal access from other terminals.

(9) In the first to third embodiments, the comparison of the passwordsat step S1305 of FIG. 13 may be performed not only by the connectionacceptance request destination terminal, but also by the connectionacceptance request source terminal acquiring the password from theconnection request destination terminal.

In this case, a possible structure is one in which the processing atstep S1307 to step S1309 is performed when the passwords match in bothterminals.

Note that the terminals use respectively different passwords in thecomparison.

(10) In the communication data transmission control processing in thefirst embodiment, the control unit 401 determines whether or not totransmit communication data specified by the user to the callee terminalvia the intermediate server 101 depending on whether or not thecommunication data is secret data. However, this determination mayinstead be made according to the size of the specified communicationdata.

Similarly, in communication data control processing in the second andthird embodiments, the control unit 411, 421 or 431 may make thedetermination according to the size of the specified communication data.

For instance, the communication data may be transmitted directly to thecallee terminal in the case of data that composes video and is thereforelarge in size, and the communication data may be transmitted to thecallee server via the intermediate server 101 in the case of data thatcomposes a still image and is therefore not large in size.

Specifically, the storage unit 406 may store, in advance, acommunication data size determination table that shows correlationbetween each communication data and the respective communication datasize. On receiving, from the user via the input unit 407, aspecification of communication data to be transmitted to a calleeterminal, the control unit 401 refers to the communication data sizedetermination table to determine whether the size of the communicationdata exceeds a predetermined threshold value. When the size does notexceed the threshold value, the control unit 401 determines that thecommunication data is to be transmitted via the intermediate server 101,and when the size exceeds the threshold value, the control unit 401determines that the communication data is to be transmitted directly tothe callee server.

Furthermore, the control unit 401 may determine that part of thespecified communication data is to be transmitted to the intermediateserver 101 and that the remaining part of the specified communicationdata is to be transmitted directly to the callee server. In the secondand third embodiments also, the control unit 411, 421, or 431 of theterminal may make the determination in the described manner.

Take for instance a case in which communication data stored in thestorage unit 406 is a video data stream that has been compressed usinginterframe prediction according to the specification of MPEG (MovingPicture Expert Group)-2, and the video stream is composed of GOP (Groupof Picture) units that are each made up of one I picture and a pluralityof B pictures and P pictures. Upon the video data stream being specifiedby the user as communication data to be transmitted to a calleeterminal, the control unit 401 gives a serial number to each picture inthe video data stream. The serial numbers correspond to the position ofthe pictures within the video data stream. The control unit 401 thenextracts the I pictures from the video data stream, encrypts the Ipictures using the encryption key included in the callee notificationmessage, asks the intermediate server 101 to transfer the I pictures,and transmits the encrypted I pictures to the intermediate server 101.The control unit 401 further determines that the extracted I picturesare to be transmitted to the callee terminal via the intermediate server101 and that the remaining B pictures and P pictures are to betransmitted directly to the callee terminal. In the second and thirdembodiments also, the control unit 411, 421, or 431 of the terminal maymake the determination in the described manner.

Note that the determination of whether or not the communication streamis a video stream may be made, for instance, in the following manner. Acommunication data type determination table is stored in advance in thestorage unit 406. The communication data type determination table showscorrelation between each communication data and the type of thecommunication data. On receiving, from the user via the input unit 407,a specification of communication data to be transmitted to a calleeterminal, the control unit 401 makes the determination by referring tothe communication data type determination table.

As a result, communication data other than I pictures is transmitteddirectly without being encrypted. Since restoration of encryption isunnecessary in the callee terminal, the load for decrypting thecommunication data is reduced. Furthermore, I pictures, which areessential in reproduction of video data, are transmitted after beingencrypted. This means that even if data communication is intercepted byanother party for some reason, the video data can be prevented frombeing played by the party.

(11) In the second embodiment, when transmitting a reception state querymessage to the terminal 114, the intermediate server 111 may transmit anotification message showing “connection denied” to the terminal 103also when connection cannot be established with the terminal 114.

Specifically, operations for the connection establishment determinationprocessing shown in FIG. 19 (step S1901 and step S1902) may be addedbetween the steps S1205 and S1606 of the flowchart of FIG. 16.

The following describes the operations with reference to FIG. 19.

At step S1205 of FIG. 16, when the IP address of the callee terminal 114was able to be acquired (step S1205: Y), the control unit 211 attemptsto connect to the terminal 114 (step S1901), and when able to connect(step S1902: Y), performs the processing at step S1606 onwards shown inFIG. 16. When not able to connect (step S1902: N), the control unit 211performs step S1211 in FIG. 16.

(12) In the second embodiment, the terminal 114 measures the CPU load,and determines whether or not to accept connection according to whetheror not the measured CPU load exceeds the CPU load upper limit (stepS1802 of FIG. 18). However, a method other than this method of measuringthe CPU load may be used to determine whether or not to acceptconnection. For instance, at the time of receiving an acceptance statequery message, the terminal 114 determines whether or not it iscurrently communicating with another terminal, and when not, transmits anotification message indicating “in connection acceptable state” to theintermediate server 111. When currently communicating with anotherterminal, the terminal 114 transmits a notification message indicating“in connection denial state” to the intermediate server 111.

Furthermore, in the third embodiment, when receiving an acceptance statequery message, the terminal 124, in the same manner as the terminal 114,may determine whether it is currently communicating with anotherterminal, and transmit a notification message to the intermediate server121 based on the determination result in the manner described above.

(13) In the first to third embodiments, the protocol used fortransmission and reception of communication data may be, for example,HTTP (Hyper Text Transfer Protocol), RTP (Real-Time Transport Protocol),RTSP (Real-Time Streaming Protocol)/RTP (Real-Time Transport Protocol),or FTP (File Transfer Protocol).

Furthermore, in the first to third embodiments, when transmittingmultimedia data such as video data, audio data, and image data, aprotocol stipulated by UPnP AV may be used as the data communicationcontrol protocol.

UPnP (Universal Plug & Play) is a technical specification developed bythe UPnP Forum so that devices, such as computers and peripherals,connected to a network recognize each other and function. A UPnP AV(UPnP AV Architecture) is a specification developed as a method fortransferring and reproducing digital contents in a home network withUPnP.

(14) In the communication systems of the first to third embodiments,after a connection is established between terminals, communication datatransfer processing for the intermediate server to transfercommunication data to a transmission destination terminal is performedin response to being asked to do so by a transmission source terminal.However, it is not mandatory that these transfer processing is performedin communication systems.

1. A communication system including a first communication terminal, asecond communication terminal, and a communication control server, thecommunication control server notifying destination information forspecifying an address of the second communication terminal on a network,and the first communication terminal transmitting a request message tothe communication control server to request the destination information,the communication control server comprising: a permitted-terminal tablestorage unit operable to store a permitted-terminal table that showscorrelation between the second communication terminal and one or moreconnection-permitted communication terminals that are permitted toconnect to the second communication terminal; a request messagereception unit operable to receive the request message; a terminaldetermination unit operable to determine, based on thepermitted-terminal table, whether or not the first communicationterminal that transmitted the received request message is aconnection-permitted communication terminal; and a notification controlunit operable to notify the first communication terminal of thedestination information, only when the first communication terminal hasbeen determined to be a connection-permitted communication terminal. 2.The communication system of claim 1, wherein the notification controlunit includes: an authentication information creation sub-unit operableto, only when the first communication terminal has been determined to bea connection-permitted terminal, create authentication information forthe second communication terminal to authenticate the firstcommunication terminal, the notification control unit further notifiesthe authentication information to the first communication terminal andthe second communication terminal, the first communication terminaltransmits the notified authentication information to the secondcommunication terminal when making a connection request to the secondcommunication terminal, and the second communication terminal comprises:a reception unit operable to receive the authentication information fromthe first communication terminal; a determination unit operable todetermine whether or not the received authentication information and thenotified authentication information match; and a connection control unitoperable to permit a connection from the first communication terminal,only when the received authentication information and the notifiedauthentication information match.
 3. The communication system of claim1, wherein the notification control unit includes: an encrypt keycreation unit operable to create an encrypt key for encryption anddecryption of information transmitted between the first communicationterminal and the second communication terminal, and the notificationcontrol unit further notifies the encrypt key to the first communicationterminal and the second communication terminal.
 4. The communicationsystem of claim 1, wherein the notification control unit further, beforenotifying the first communication terminal of the destinationinformation of the second communication terminal, transmits a querymessage to the second communication terminal, the query message queryingas to whether or not the second communication terminal is able to accepta connection from the first communication terminal, the second terminalcomprises: a reception unit operable to receive the query message; and aconnection acceptability notification unit operable to determine,according to a load state upon receiving the query message, whether ornot the connection from the first communication terminal is able to beaccepted, and notify the communication control server of anacceptability notification message that shows a result of thedetermination, the notification control unit includes: a connectionacceptability determination sub-unit operable to determine, based on thenotified acceptability notification message, whether or not the secondcommunication terminal is in a state of being able to accept theconnection from the first communication terminal, and when the secondcommunication terminal is in a state of being able to accept theconnection, the notification control unit notifies the firstcommunication terminal of the destination information.
 5. Thecommunication system of claim 4, wherein when the first communicationterminal is determined not to be a connection-permitted terminal, thenotification control unit notifies the first communication terminal of anotification message showing that the first communication terminal isnot permitted to connect to the second communication terminal, and whenthe second communication terminal is in a state of being unable toaccept the connection from the first communication terminal, thenotification control unit notifies the first communication terminal thatthe second communication terminal is unable to accept the connection. 6.A communication terminal that is connected to a communication controlserver over a network, comprising: a permitted-communication terminalregistration request unit operable to make a request, to thecommunication control server, to register one or more communicationterminals that are permitted to connect to the communication terminal;an authentication information reception unit operable to, when acommunication terminal that has requested destination information forspecifying an address of the communication terminal on the network isany one of the communication terminals that are permitted to connect tothe communication terminal, receive authentication information forauthenticating the communication terminal that requested the destinationinformation; an identification information reception unit operable toreceive, from the communication terminal that requested the destinationinformation, a connection acceptance request and identificationinformation that identifies the communication terminal that requestedthe destination information; a determination unit operable to determinewhether or not the authentication information and the identificationinformation match; and a connection control unit operable to permit aconnection based on the connection acceptance request from the terminalthat requested the destination information, only when the authenticationinformation and the identification information match.
 7. Thecommunication terminal of claim 6, wherein the identificationinformation reception unit further, before the connection acceptancerequest is transmitted, receives a query message from the communicationcontrol unit, the query message querying whether or not a connectionfrom the communication terminal that requested the destinationinformation is able to be accepted, and the connection control unitdetermines whether or not the connection from the first communicationterminal is able to be accepted according to a load state upon receivingthe query message, and notifies the communication control server of aresult of the determination.
 8. The communication terminal of claim 7,wherein the identification information reception unit, when thecommunication terminal is in a state of being unable to accept theconnection from the communication terminal that requested thedestination information, receives a transfer ask notification messagefrom the communication control server, the transfer ask notificationmessage notifying that a communication data transfer ask has been madeby the communication terminal that requested the destinationinformation, and the communication terminal comprises: a communicationdata acquirability determination unit operable to determine, accordingto a load state, whether or not the communication terminal has come tobe in a state of being able to acquire the communication data; atransfer request message transmission unit operable to, when thecommunication terminal has come into a state of being able to acquirethe communication data after the transfer ask notification message hasbeen received, transmit a transfer request message that requeststransfer of the communication data; and an acquisition unit operable toacquire the communication data transmitted from the communicationcontrol server in response to the transfer request message.
 9. Thecommunication terminal of claim 6, further comprising: a storage unitoperable to store a plurality of types of communication data potentiallytransmitted to a callee communication terminal, each type ofcommunication data being stored in correspondence with a respective dataattribute thereof; a transmission unit operable to transmit a requestmessage to the communication control server, the request messagerequesting destination information for specifying the address of acallee communication terminal on the network; an acquisition unitoperable to obtain the destination information notified by the server,only when the communication terminal is permitted to connect to thecallee terminal; a connection establishment unit operable to establish aconnection with the callee communication terminal based on the acquireddestination information; a designation reception unit operable toreceive a designation of communication data to be transmitted; a dataattribute determination unit operable to determine whether or not thedesignated communication data has a specific data attribute; a transferask unit operable to, when the designated communication data has thespecific data attribute, ask the communication control server totransfer the designated communication data to the callee communicationterminal; and a transmission control unit operable to control such that(i) when the designated communication data has the specific dataattribute, the designated communication data is transmitted to thecommunication control server, and (ii) when the designated communicationdata does not have the specific data attribute, the designatedcommunication data is transmitted directly to the callee terminal. 10.The communication terminal of claim 9, wherein the transmission controlunit includes: an extraction sub-unit operable to, when the designatedcommunication data is MPEG-encoded video data, extract an I picture fromthe video data; and an encryption sub-unit operable to encrypt theextracted I picture, the transfer ask unit asks that the encrypted Ipicture be transferred to the callee communication terminal, and thetransmission control unit transmits the encrypted I picture to thecommunication control server, and transmits remaining video dataexcluding the I picture directly to the connected callee communicationterminal.
 11. The communication terminal of claim 9, wherein the dataattributes show whether or not the communication data is secret, thetransfer ask unit, when the data attribute of the designatedcommunication data shows that the designated communication data issecret, asks the communication control server to transfer the designateddata to the callee communication terminal, and the communication controlunit, when the data attribute of the designated communication data showsthat the designated communication data is secret, encrypts thedesignated communication data, and transmits the encrypted designatedcommunication data to the communication control server.
 12. Thecommunication terminal of claim 6, wherein the address is an IP address.13. The communication terminal of claim 6, wherein the address iscomposed of an IP address and a port number.
 14. The communicationterminal of claim 6, wherein the address changes from time to time. 15.A communication control server that notifies destination information forspecifying an address of a communication terminal, comprising: apermitted-terminal table storage unit operable to store apermitted-terminal table that shows correlation between thecommunication terminal and one or more connection-permittedcommunication terminals that are permitted to connect to thecommunication terminal; a request message reception unit operable toreceive a request message from a request-source communication terminal,the request message requesting the destination information; a terminaldetermination unit operable to determine, based on the permittedterminal table, whether or not the request-source communication terminalis a connection-permitted communication terminal; and a notificationcontrol unit operable to notify the request-source communicationterminal of the destination information of the communication terminal,only when the request-source communication terminal is determined to bea connection-permitted communication terminal.
 16. A connection controlprogram used in a communication terminal that is connected to acommunication control server over a network, the connection controlprogram comprising: a permitted-communication terminal registrationrequest step of making a request, to the communication control server,to register one or more communication terminals that are permitted toconnect to the communication terminal; an authentication informationreception step of, when a communication terminal that has requesteddestination information for specifying an address of the communicationterminal on the network is any one of the communication terminals thatare permitted to connect to the communication terminal, receivingauthentication information for authenticating the communication terminalthat requested the destination information; an identificationinformation reception step of receiving, from the communication terminalthat requested the destination information, a connection acceptancerequest and identification information that identifies the communicationterminal that requested the destination information; a determinationstep of determining whether or not the authentication information andthe identification information match; and a connection control step ofpermitting a connection based on the connection acceptance request fromthe terminal that requested the destination information, only when theauthentication information and the identification information match. 17.A computer-readable recording medium on which is recorded a connectioncontrol program used in a communication terminal that is connected to acommunication control server over a network, the connection controlprogram comprising: a permitted-communication terminal registrationrequest step of making a request, to the communication control server,to register one or more communication terminals that are permitted toconnect to the communication terminal; an authentication informationreception step of, when a communication terminal that has requesteddestination information for specifying an address of the communicationterminal on the network is any one of the communication terminals thatare permitted to connect to the communication terminal, receivingauthentication information for authenticating the communication terminalthat requested the destination information; an identificationinformation reception step of receiving, from the communication terminalthat requested the destination information, a connection acceptancerequest and identification information that identifies the communicationterminal that requested the destination information; a determinationstep of determining whether or not the authentication information andthe identification information match; and a connection control step ofpermitting a connection based on the connection acceptance request fromthe terminal that requested the destination information, only when theauthentication information and the identification information match. 18.A connection control method used in a communication terminal that isconnected to a communication control server over a network, theconnection control method comprising: a permitted-communication terminalregistration request step of making a request, to the communicationcontrol server, to register one or more communication terminals that arepermitted to connect to the communication terminal; an authenticationinformation reception step of, when a communication terminal that hasrequested destination information for specifying an address of thecommunication terminal on the network is any one of the communicationterminals that are permitted to connect to the communication terminal,receiving authentication information for authenticating thecommunication terminal that requested the destination information; anidentification information reception step of receiving, from thecommunication terminal that requested the destination information, aconnection acceptance request and identification information thatidentifies the communication terminal that requested the destinationinformation; a determination step of determining whether or not theauthentication information and the identification information match; anda connection control step of permitting a connection based on theconnection acceptance request from the terminal that requested thedestination information, only when the authentication information andthe identification information match.